Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy in Context: Contextual Integrity Peter Radics Usable Security – CS 6204.

Slides:



Advertisements
Similar presentations
Workpackage 2: Norms
Advertisements

Formalization of Health Information Portability and Accountability Act (HIPAA) Simon Berring, Navya Rehani, Dina Thomas.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Multimedia Communications Tejinder Judge Usable Security – CS 6204 – Fall, 2009.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy and Trust Frameworks/Systems Presented by Zalia Shams Usable Security –
Welfare: Consumer and Producer Surplus and Internal Rate of Return Daniel Mason-D’Croz Sherman Robinson.
Privacy and Contextual Integrity: Framework and Applications Adam Barth, Anupam Datta, John C. Mitchell (Stanford), and Helen Nissenbaum (NYU) TRUST Winter.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
Problems with Notice and Consent? Helen Nissenbaum, NYU INCO-TRUST Workshop, May Work supported by: NSF ITR : Sensitive Information in.
Privacy Chris Kelly iLaw July 5, 2002.
CS294-1 Deeply Embedded Networks Privacy Discussion 11/25/03 David Culler University of California, Berkeley.
Ethics and Responsibility
On Privacy and Compliance: Philosophy and Law meets Computer Science Anupam Datta Stanford University Oakland PC Crystal Ball Workshop January 2007.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
Food & Ethics (Source: Michael Korthals, 2001, “Taking Consumers Seriously...,” Journal of Agricultural & Environmental Ethics, 14: ) Seriously...,”
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style PRIVACY AS & AND CONTEXTUAL INTEGRITY Helen Nissenbaum.
UNIT 2: CONTEXT. Chapter 3: Ethics & Social Responsibility.
Privacy After Nixon's resignation, the govt took control of all of his presidential records, including the tapes, in the Presidential Recordings and Materials.
C4- Social, Legal, and Ethical Issues in the Digital Firm
Theoretical Constructs
Anonymity, Security, Privacy and Civil Liberties
Other Laws (Primarily for E-Government) COEN 351.
Privacy as contextual integrity Helen Nissenbaum New York University September 6, 2007 Ars Electronica, Linz Support.
What Should Be A Crime?. Recall: Two Main Perspectives 1. Achieving social order outweighs concerns for social justice. 2. CJ system goals must be achieved.
Notes for Discussion on a Privacy Practice © Joe Cleetus.
Corporate Social Responsibility
0x1A Great Papers in Computer Security Vitaly Shmatikov CS 380S
FAO’S Development Law Service Law and Development at FAO “Sound legal frameworks are essential to achieving sustainable agricultural development and effective.
Risk Assessment. InfoSec and Legal Aspects Risk assessment Laws governing InfoSec Privacy.
Slides prepared by Cyndi Chie and Sarah Frye1 A Gift of Fire Third edition Sara Baase Chapter 2: Privacy.
Privacy and Contextual Integrity: Framework and Applications Adam Barth, Anupam Datta, John C. Mitchell (Stanford) Helen Nissenbaum (NYU)
A Perspective: Data Flow Governance in Asia Pacific & APEC Framework Martin Abrams October 21, 2008.
Contextual Integrity as a Normative Guide for Privacy Helen Nissenbaum New York University * School of Information, UC Berkeley April 2, 2008 * Supported.
Do you believe in this? Due to its very nature, the Internet is NOT a safe or secure environment. It is an ever-changing medium where anyone and everyone.
Philosophy 223 Technology in the Workplace: The Concern for Privacy.
Privacy in computing Material/text on the slides from Chapter 10 Textbook: Pfleeger.
Privacy in Context Helen Nissenbaum Department of Culture and Communication New York University m Research supported.
European Data Protection Supervisor Pharmaceutical Regulatory & Compliance Congress, Brussels, 7 June 2007 European Privacy and Data Protection Policy.
1 Ethical Issues in Computer Science CSCI 328, Fall 2013 Session 15 Privacy as a Value.
Constitutions The Master Institution January 31 st, 2006.
 An ideal condition in which all members of a society have the same basic rights, security, opportunities, obligations and social benefits.  Social.
LEARNING OBJECTIVES TO UNDERSTAND THE RELATIONSHIP OF ETHICS TO MANAGEMENT IN THE INFORMATION SOCIETY TO APPRECIATE THE MORAL DIMENSIONS INVOVED & THE.
Ethical and Social Impact of Information Systems
14.1 Chapter 14 Privacy © 2003 by West Legal Studies in Business/A Division of Thomson Learning.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Policy Authoring Matthew Dunlop Usable Security – CS 6204 – Fall, 2009 – Dennis.
What is Privacy?. 3 Types of Privacy 1.Accessibility Privacy 2.Decisional Privacy 3.Informational Privacy.
Internet & Privacy Y. POULLET Prof. at the Univ. of Namur and Liege Dean of the Faculty of Law of Namur Director of the CRID
ICC Module 3 Lesson 5 – IT Security 1 / 4 © 2015 Ph. Janson Information, Computing & Communication Security – Clip 2 – Privacy School of Computer Science.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Smart, Secure and Sustainable Home: A Socio-Technological Perspective Aleksandr.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Collective Information Practice: Exploring Privacy and Security as Social and Cultural.
Privacy and Contextual Integrity: Framework and Applications Adam Barth, Anupam Datta, John C. Mitchell (Stanford) Helen Nissenbaum (NYU)
APEC Privacy Framework “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element.
Safeguarding Sensitive Information. Agenda Overview Why are we here? Roles and responsibilities Information Security Guidelines Our Obligation Has This.
1 Ethical Issues in Computer Science CSCI 328, Fall 2013 Session 13 Privacy as a Value.
1 Ethics of Computing MONT 113G, Spring 2012 Session 31 Privacy as a value.
The Role of Media in a Democracy Dr Greg Simons Department of Eurasian Studies Uppsala University.
Privacy. Some Web Science Issues Kieron O’Hara 29 November 2011.
Judicial Training on Data Protection and Privacy Rights
Democracy in the United States
ETHICAL & SOCIAL IMPACT OF INFORMATION SYSTEMS
Chapter 1 Sect. 3 Mr. Gordon.
Media Structure, Economics and Global
AJS 552 Innovative Education-- snaptutorial.com
A Gift of Fire Third edition Sara Baase
A Gift of Fire Third edition Sara Baase
IAPP TRUSTe SYMPOSIUM 9-11 JUNE 2004
Chapter 5 Computer Security
Ethics and Politics of Computational Social Science
Presentation transcript:

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy in Context: Contextual Integrity Peter Radics Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

Papers H. Nissenbaum. Privacy as contextual integrity. Washington Law Review, 79(1):119–158, A. Barth, A. Datta, J. Mitchell, and H. Nissenbaum. Privacy and contextual integrity: framework and applications. In Security and Privacy, 2006 IEEE Symposium on, pages 15 pp.–198, May Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

Privacy Scenarios Public Records Online  Local vs. Global access of data Consumer Profiling and Data Mining  Aggregation/analysis of data vs. single occurrence RFID Tags  Automated capture of enhanced/large amounts of information Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

Current Practice in Law Three guiding principles: 1. Protecting privacy of individuals against intrusive government agents  1 st, 3 rd, 4 th, 5 th, 9 th, 14 th amendments, Privacy Act (1974) 2. Restricting access to sensitive, personal, or private information  FERPA, Right to Financial Privacy Act, Video Privacy Protection Act, HIPAA 3. Curtailing intrusions into spaces or spheres deemed private or personal  3 rd, 4 th amendments Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

Grey Areas of the Three Principles USA PATRIOT Act Credit headers Private vs. public space Online privacy at the workplace Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

Principles and Public Surveillance Public surveillance not covered by principles  No government agents pursuing access to citizens  No collection of personal/sensitive information  No intrusion personal/private spaces  No privacy problems!

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Reasonable Expectation of Privacy Extension to principles 1. Person expects privacy 2. Expectation deemed reasonable by society But: Yielding privacy in public space!

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Downsides of Three Principles Not conditioned on additional dimensions  Time, location, etc. Privacy based on dichotomies  Private – public, sensitive – non-sensitive, government – private, …

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Contextual Integrity: Idea Main idea:  Everything happens within a certain context  Context can be used to provide normative account of privacy

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Contextual Integrity: Corner Stones Contextual Integrity based on two corner stones:  Appropriateness Norms about what is appropriate within context Norms about what is not appropriate within context Allowable, expected, demanded information  Distribution Norms about information flow Free choice, discretion, confidentiality, need, entitlement, obligation

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Concerns Could be detrimentally conservative Loses prescriptive character through ties to practice and convention Favors status quo

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Solution Distinguish actual and prescribed practice Grounds for prescription can vary between different possibilities Norms can change over time/locations

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Change of Norms Compare current with proposed norm, compare social, political, and moral values Affected Values:  Prevention of information-based harm  Informational inequality  Autonomy and Freedom  Preservation of important human relationships  Democracy and other social values

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy Scenarios (revisited) Public Records Online  Local vs. Global access of data Consumer Profiling and Data Mining  Aggregation/analysis of data vs. single occurrence RFID Tags  Automated capture of enhanced/large amounts of information

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Second paper Formalization of Contextual Integrity:  Linear Temporal Logic Agents P, attributes T, computation roles (t,t') Knowledge state Messages M,  k -> p,q,m -> k', k' := k U q x content(m) Roles R, contexts C (partition of R) Role state Trace: sequence of triples (k, p, a)

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Temporal Logic Grammar

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Model Checking Consistency Entailment Compliance

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Example: HIPAA

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Comparison to Other Models

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Discussion What are strengths/weaknesses of Contextual Integrity? Is a formal model of Contextual Integrity useful? How can an end-user benefit?